
Laravel Debug Enabled

By kannthu

Severity: Medium
Vidoc Module
#debug #laravel #misconfig
Description

What is "Laravel Debug Enabled?"

The "Laravel Debug Enabled" module is designed to detect misconfigurations in Laravel applications where the APP_DEBUG setting is enabled. This module targets Laravel, a popular PHP framework used for web application development. The severity of this module is classified as medium.

Author: notsoevilweasel

Impact

When the APP_DEBUG setting is enabled in Laravel, verbose error messages may be displayed. This can potentially expose sensitive information about the application's code and configuration, making it easier for attackers to identify vulnerabilities and exploit them.

How does the module work?

The "Laravel Debug Enabled" module works by sending an HTTP GET request to the /_ignition/health-check endpoint of the target Laravel application. It then applies matching conditions to determine if the application has debug mode enabled.

The matching conditions for this module are as follows:

- The response body must contain the word can_execute_commands.
- The response status code must be 200.

If both conditions are met, the module will report a misconfiguration, indicating that Laravel's debug mode is enabled.

Remediation: Disable Laravel's debug mode by setting the APP_DEBUG configuration option to false.
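The module's two matching conditions, reimplemented in Python as an added example (this is not Vidoc's or the module author's code), so a defender can run the same check against their own Laravel deployment before and after setting APP_DEBUG=false. The hostname and the sample response body are constructed for illustration.

```python
"""Self-check for the "Laravel Debug Enabled" condition described above."""
import sys
import urllib.error
import urllib.request

IGNITION_PATH = "/_ignition/health-check"   # endpoint the module requests
MATCH_WORD = "can_execute_commands"          # word matcher from the module
MATCH_STATUS = 200                           # status matcher from the module

# Constructed sample of a debug-enabled response (not captured from a real host).
SAMPLE_DEBUG_BODY = '{"can_execute_commands":true}'


def fetch(base_url, path, timeout=10):
    """GET base_url+path; return (status, body). HTTP errors still yield the
    status code, and network failures yield (None, "") so the matcher fails
    closed instead of raising."""
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")
    except urllib.error.URLError:
        return None, ""


def debug_enabled(status, body):
    """The module's matcher: BOTH conditions must hold (word AND status)."""
    return status == MATCH_STATUS and MATCH_WORD in body


def check_laravel_debug(base_url, fetcher=fetch):
    """Run one request (max-request: 1) and apply the matcher.
    `fetcher` is injectable so the logic can be exercised offline."""
    status, body = fetcher(base_url, IGNITION_PATH)
    return {
        "url": base_url.rstrip("/") + IGNITION_PATH,
        "status": status,
        "debug_enabled": debug_enabled(status, body),
    }


if __name__ == "__main__":
    # Usage: python check_debug.py https://laravel.example (hypothetical host)
    result = check_laravel_debug(sys.argv[1] if len(sys.argv) > 1 else "http://localhost")
    verdict = "MISCONFIGURED: APP_DEBUG appears enabled" if result["debug_enabled"] else "OK"
    print(f'{result["url"]} -> status {result["status"]}: {verdict}')
```

After remediation (APP_DEBUG=false and a config cache refresh), the same check should report the endpoint as no longer matching.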

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /_ignition/health-ch...
Matching conditions
word: can_execute_commands
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability